How security policies help you stay compliant and gain ISO 27001 certification

This is blog 4, the latest in our series on security management.

4 min read | 18/11/2022 | Business critical applications

Where do I start in creating and implementing security policies? How do I know if I'm ready for the ISO audit? With this blog you will know which checklists you can find online, and you will be up to date on the ISO 27001 templates available in the Azure portal. The question is not whether you will achieve that certification; the question is which KPIs you will monitor in your dashboard.

Processes require policies

Anyone who wants to achieve goals must look at strategy and planning. It's the same with security management. Anyone who wants to stay secure or achieve ISO certification must meet a number of standards around processes. And for that you need technology and policy. We already wrote more about this in "ISO 27001/9001 - Roadmap to Modern Service Management for the Azure Cloud".

The previous blogs on MFA, Secure Score and monitoring with Azure Sentinel, among others, all contribute to the technical checklist for ISO. The majority of our customers are ISO certified. It is therefore also important for them to keep developing in order to maintain this certification. You can read more about the results in our customer cases. What can such a process look like, and which checkboxes do you have to go through? Think of a reassessment by means of an ISO audit, descriptions of processes, access control, a policy on system rights and an incident response manual ('how to act in case of incidents').

Templates ISO & security Azure portal

There are plenty of checklists for ISO on the Internet. We have chosen to share with you the technical checklist to help you bridge the gap between business and IT.  

Tip from Marco: 9001 mainly contains rules around processes and reporting on exceptions. 27001 is mostly about data protection, think GDPR, access to workspaces and systems. While you're at it: get them both in order. 27001 is not a logical sequel, but a must!

'Old' in a new look? - security.txt  

Recently, security.co.uk came out with this post calling for making a security.txt available on your website. Security.txt is a file that allows organizations and websites to list their policies for dealing with security vulnerabilities. Security researchers can use this information to directly contact the appropriate department or person within the organization about vulnerabilities they have found. Tweakers also gave it due attention: "Digital Trust Center begins campaign to implement security.txt".
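Before you publish a security.txt, it pays to check that it actually follows the format researchers' tooling expects. The format is standardised in RFC 9116: the file lives at /.well-known/security.txt, is served over HTTPS, consists of "Field: value" lines with # comments, must contain at least one Contact and exactly one Expires (an RFC 3339 date-time, recommended to be less than a year ahead), may contain Preferred-Languages at most once, and any web URI in it must use https://. The validator below is an added example written for this blog, not code from the original post or from any of the organisations mentioned; the sample files it checks are constructed, and the `now` parameter exists only so the expiry check is reproducible.

```python
"""Validate the contents of a security.txt file against the RFC 9116 rules.

Added example (not from the original post). Sample inputs are constructed.
"""
from datetime import datetime, timedelta, timezone

# Fields defined by RFC 9116. Contact and Expires are required.
KNOWN_FIELDS = {
    "acknowledgments", "canonical", "contact", "encryption",
    "expires", "hiring", "policy", "preferred-languages",
}
# Fields that must not appear more than once.
SINGLE_USE = {"expires", "preferred-languages"}
# Contact values must be URIs; these are the schemes in common use.
CONTACT_SCHEMES = ("mailto:", "tel:", "https://")


def parse_security_txt(text):
    """Return (fields, findings).

    fields maps the lower-cased field name to the list of values seen;
    findings lists syntax problems. Blank lines and # comments are skipped.
    """
    fields = {}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            findings.append(f"line {lineno}: not a 'Field: value' line")
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        if name not in KNOWN_FIELDS:
            findings.append(f"line {lineno}: unknown field '{name}'")
        if not value:
            findings.append(f"line {lineno}: empty value for '{name}'")
        fields.setdefault(name, []).append(value)
    return fields, findings


def validate_security_txt(text, now=None):
    """Return a list of findings; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    fields, findings = parse_security_txt(text)

    # Contact: required, and each value should be a URI.
    if "contact" not in fields:
        findings.append("missing required field Contact")
    for contact in fields.get("contact", []):
        if not contact.lower().startswith(CONTACT_SCHEMES):
            findings.append(f"Contact '{contact}' should be a mailto:, tel: or https:// URI")

    # Fields that may occur only once.
    for name in SINGLE_USE:
        if len(fields.get(name, [])) > 1:
            findings.append(f"{name} must appear at most once")

    # Expires: required, RFC 3339 with time zone, in the future, ideally < 1 year away.
    if "expires" not in fields:
        findings.append("missing required field Expires")
    else:
        value = fields["expires"][0]
        try:
            expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            findings.append(f"Expires '{value}' is not an RFC 3339 date-time")
        else:
            if expires.tzinfo is None:
                findings.append("Expires must include a time zone offset")
            elif expires <= now:
                findings.append(f"file expired on {value}; researchers may ignore it")
            elif expires - now > timedelta(days=366):
                findings.append("Expires is more than a year away (RFC 9116 recommends less)")

    # Any web URI in the other fields must be https://.
    for name, values in fields.items():
        if name == "contact":
            continue  # already checked above
        for value in values:
            if value.lower().startswith("http://"):
                findings.append(f"{name} '{value}' must use https://")
    return findings


# Constructed sample files for demonstration.
GOOD_FILE = """\
# Constructed example of a well-formed security.txt
Contact: mailto:security@example.com
Contact: https://example.com/report-vulnerability
Expires: 2023-06-30T12:00:00Z
Preferred-Languages: en, nl
Policy: https://example.com/disclosure-policy
Canonical: https://example.com/.well-known/security.txt
"""

BAD_FILE = """\
Contact: security@example.com
Policy: http://example.com/disclosure
"""

if __name__ == "__main__":
    check_time = datetime(2023, 1, 15, tzinfo=timezone.utc)
    for label, content in (("good", GOOD_FILE), ("bad", BAD_FILE)):
        print(label, validate_security_txt(content, now=check_time) or "OK")
```

Run it against your own file with a current `now` (the default) and fix every finding before you rely on researchers finding the right inbox. Note that the expiry check is the one most often missed in practice: a security.txt that was correct when published silently becomes invalid once its Expires date passes, so put the renewal date in the same calendar as your ISO review cycle.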

Have you read and implemented it yet? We did it this way.
Follow the example of Air Miles, Allego, Humanitas and Qualogy and request a free consultation or demo.

Download our cheat sheet BizDevOps

We combine data and foresight with intuition and lasting behaviour change. How? We wrote out the first steps for you in our BizDevOps cheat sheet. Download it now for free and start your digital transformation today.

More information about this blog? Get in touch with the author(s).
Marco van der Steijle